CVE-2017-1000223: XSS
First published: Fri Nov 17 2017(Updated: )
A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MODx Revolution | <=2.5.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-1000223?
CVE-2017-1000223 is considered a moderate severity vulnerability due to the potential for an authenticated user to execute malicious JavaScript.
How do I fix CVE-2017-1000223?
To fix CVE-2017-1000223, upgrade MODX Revolution CMS to version 2.5.7 or later.
Who is affected by CVE-2017-1000223?
CVE-2017-1000223 affects users of MODX Revolution CMS version 2.5.6 and earlier with permissions to edit users.
What type of vulnerability is CVE-2017-1000223?
CVE-2017-1000223 is a stored web content injection vulnerability, also known as XSS.
What could be the impact of CVE-2017-1000223?
The impact of CVE-2017-1000223 could allow attackers to take control of victims' accounts by injecting malicious scripts.
- agent/type
- agent/softwarecombine
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/modx
- canonical/modx revolution
- version/modx revolution/2.5.6